Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
HarveyRebelo
Staff
Staff

Created on ‎07-17-2024 09:25 PM Edited on ‎08-10-2025 11:37 PM By Community Manager

Article Id 326582

Technical Tip: VPN IPSEC DIAL UP does not work with the same DH groups

Description

 

This article describes the behavior and how to fix a VPN IPSEC dial-up connection issue with FortiClient (Free and Paid Version)

 

Scope

 

FortiGate v7, v7.2, v7.4, FortiClient 7.2.9 and 7.4.

 

Solution

 

  1. After Configure VPN IPSEC Dial-up successfully, and setting the same DH Groups on FortiClient, the negotiation fails:

 

HarveyRebelo_0-1721249635414.png

 

HarveyRebelo_1-1721249635418.png

 

HarveyRebelo_2-1721249635422.png

 

HarveyRebelo_3-1721249635425.png

 

  1. To mitigate this issue, specify only one DH group on VPN IPSEC configuration on FortiGate (it does not matter if uses DH 14 or 5 group, any should work).

 

HarveyRebelo_4-1721249635427.png

 

HarveyRebelo_5-1721249635430.png

 

Note:

Certain versions of FortiOS and FortiClient may have different default DH group/s enabled, so it is important to check the configuration, not just leave with default settings, and match the enabled DH group/s both in phase-1 and phase-2 settings.

Related articles:
Troubleshooting Tip: Dial-up IPsec VPN in aggressive mode when more than one DH Group is selected

Technical Tip: Generate DH public value request pending and compute DH shared secret request pending...

 

2503
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.